Security consultant

This is a remote position.

We are looking for ahighlyskilled Security professional with a good aptitude for ThreatModeling ability to read through (software) architectural documentsand requirements from the different business groups and giveaccurate and actionable recommendations for the engineers toimplement.

The Consultant must have a goodunderstanding of software architecture and development for threatmodeling purposes i dentify designs andimplementations which go against best practices and securityvulnerabilities analyze the system and break it down into keycomponents based off logic and speak to security risks which may befound in each of those components and apply sound logic and riskdetermination in relation to risk acceptance and business operationimpact.

Job Title : SecurityConsultant

Location : REMOTE

Contract : LongTerm

Requirements :

SecurityDesign Review

• Indepth knowledge ofsecure software development practices andSDLC
• Experience withthreat modeling techniques andtools
• Strong understandingof common security frameworks (e.g. OWASPNIST)
• Proficiency inidentifying and mitigating security vulnerabilities in applicationdesigns
• Familiarity withregulatory compliance standards (e.g. GDPR HIPAAPCIDSS)
• Ability to analyzecomplex data flows and identify sensitive data protectionneeds
• Experience withsecurity architecture and designpatterns
• Strong communicationskills to effectively convey security concepts to technical andnontechnicalstakeholders
• Handson experiencewith security tools (e.g. static analysis DASTSAST)
• Proven ability tocollaborate with crossfunctional teams including developers andDevOps
• Experience withintegrating security into CI / CDpipelines
• Knowledge ofencryption authentication and access controlmechanisms
• Experience inconducting risk assessments and developing mitigationstrategies
• Familiarity withautomated security testing and continuous monitoringpractices
• Ability to documentand report security findings clearly andeffectively
• Experience withincident response planning and forensic readiness in applicationdesign
• Strong problemsolvingskills and attention todetail

ThreatModeling

• Deep understanding ofthreat modeling methodologies particularlySTRIDE
• Proficiency inidentifying and categorizing threats vulnerabilities andrisks
• Experience withthreat modeling tools (e.g. Microsoft Threat Modeling Tool OWASPThreatDragon)
• Strong knowledge ofsecurity frameworks and standards (e.g. OWASPNIST)
• Ability to map threatmodels to security requirements andcontrols
• Experience inapplying STRIDE to various architectural patterns and dataflows
• Familiarity with riskassessment and managementpractices
• Ability to work withcrossfunctional teams to integrate threat modeling into theSDLC
• Strong analyticalskills for identifying potential attack vectors andweaknesses
• Experience withsecurity architecture and defensive designtechniques
• Effectivecommunication skills to explain threat modeling findings tostakeholders
• Knowledge of commonsecurity vulnerabilities and their mitigations (e.g. SQL injectionXSS)
• Ability to create andmaintain comprehensive threat models for complexsystems
• Experience indeveloping mitigation strategies based on threat modelfindings
• Familiarity withregulatory compliance requirements and their impact on threatmodeling
• Strong documentationskills to create detailed threat modelreports
• Continuous learningmindset to stay updated on emerging threats and modelingtechniques

Web Application SecuritySecurity Design Review Threat Modeling

Last updated : 2024-09-19